Introduction to Modern Cryptography, Sharif University, Spring 2015
Data and Network Security Lab, Sharif University of Technology, Department of Computer Engineering
A Primer on Modern Cryptography (1)
Author: Ahmad Boorghany
Instructor: Dr. Rasool Jalili
Outline
- Definition of Modern Cryptography
- Evolution from Classic to Modern Cryptography
- Principles of Modern Cryptography
  - Exact Definitions
  - Precise Assumptions
  - Rigorous Proofs of Security
- An Introduction to Theory of Complexity
- Course Topics
Modern Cryptography
and its relation to classic cryptography
Classic Cryptography
Concise Oxford Dictionary (2006): Cryptography is the art of writing or solving codes.
Classically, cryptography
- Focused solely on secret communication
- Seen as an art, relied on creativity and personal skill
- Used only by military and intelligence
Modern Cryptography
In the late 20th century, cryptography deals with message authentication, digital signatures, protocols for exchanging secret keys, authentication protocols, electronic auctions and elections, digital cash, and more.
Nowadays, cryptography is almost everywhere:
- ATM machines
- Online banking
- All HTTPS websites
- Remote login and file transfer (SSH, …)
- Mobile communications (GSM, …)
- Wireless networking (Wi-Fi, WiMAX, …)
Cryptography is Everywhere!
Figure: An encrypted web communication (HTTPS)
Cryptography is Everywhere! (cont.)
11,748 Android apps use cryptography (encryption); however, 10,327 (88%) get it wrong [EBFK13].
Katz and Lindell [KL08]: (Modern) Cryptography is the scientific study of techniques for securing digital information, transactions, and distributed computations.
Concrete vs. Asymptotic Security
Two approaches to define security goals:
- Concrete/Exact Security or -Security: No attack using ≤ $2^{160}$ time succeeds with probability ≥ $2^{-20}$
- Asymptotic Security: Any efficient adversary succeeds with only a negligible probability
  - “Efficient” = Probabilistic Polynomial Time (next sess.)
  - “Negligible” = Easily (!) defined by a number of quantifiers
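The "number of quantifiers" behind "negligible", written out here as an added note in the standard form given in [KL08]. It is not on the original slide; the symbols f, p, N, negl and the security parameter n are the usual textbook ones.

\[
f \text{ is negligible} \iff \forall \text{ positive polynomial } p \;\; \exists N \;\; \forall n > N : \; f(n) < \frac{1}{p(n)}
\]

For example, $f(n) = 2^{-n}$ is negligible, while $f(n) = n^{-10}$ is not (take $p(n) = n^{11}$). The asymptotic security goal then reads: for every probabilistic polynomial-time adversary $A$ there is a negligible function $\mathrm{negl}$ such that

\[
\Pr[A \text{ succeeds}] \le \mathrm{negl}(n).
\]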
Auguste Kerckhoffs in the late 19th century: The cipher method must not be required to be secret, and it must be able to fall into the hands of the enemy without inconvenience.
Why?
- Easier to maintain secrecy of a short key rather than an algorithm
- Algorithm parts may be leaked: insider or reverse eng.
- Key revocation/reissue is easier than algorithm revocation/reissue!
- Different people communication: different keys or different
Modern Crypto Principles: Exact Definitions
Why exact definitions for security?
- Importance for design
  - To know what to design
  - Not to provide more than what is needed: efficiency
  - (different definitions with different security levels are usually proposed for any crypto concept)
- Importance for usage
  - Application designers match their requirements with what a scheme provides
  - More precise application verification
  - Not to use the most secure scheme if not needed: efficiency
- Importance for study
  - Comparing different schemes
  - More precise efficiency/security trade-off
- Needed for security proofs (later)
Modern Crypto Principles: Precise Assumptions
Most modern cryptographic constructions cannot be proven secure unconditionally.
Thus, they rely on some assumptions:
- Hardness of mathematical problems
- Hardness of cryptographic primitives
Why precise assumptions?
- Validation of the assumption
  - Reliable assumptions should be examined and tested a lot without being successfully refuted.
  - The hardness of an assumption may be implied by another widely-believed hard assumption.
  - Both above need precise assumptions.
Modern Crypto Principles: Precise Assumptions (cont.)
Why precise assumptions?
- Comparison of schemes
  - Scheme A relies on assumption X
  - Scheme B relies on assumption Y
  - (Stronger) assumption X implies (weaker) assumption Y
  - Scheme B is better
    X may become invalid while Y still holds, but not vice versa.
  - If X and Y incomparable:
    (Usually) more-studied/simpler assumption is better.
- Needed for security proofs (later)
Modern Crypto Principles: Rigorous Proofs of Security
Why a security proof?
- Countless examples of unproven schemes that were broken
  - Sometimes immediately
  - Sometimes years after being presented or deployed
- Security testing is different than software testing
  - Cannot anticipate an adversary strategy
- Experience has shown that intuition here is disastrous.
Modern Crypto Principles: Rigorous Proofs of Security (cont.)
Reductionist Approach: Assumption X reduced to scheme A
Interpretations:
- If an adversary breaks the scheme A, it must have found a fast algorithm for X.
- The only way to break A is to solve X efficiently.
Two sub-approaches:
- Asymptotic: The reduction is itself polynomial-time.
- Concrete: is not much different than .
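The reductionist interpretation above, as an added worked example that is not part of the original slides. It assumes one concrete instantiation: assumption X is "G is a pseudo-random generator" and scheme A is Enc_k(m) = G(k) XOR m. The names weak_prg, Adversary, reduction and advantage are hypothetical, and G is a constructed, deliberately insecure generator so that an adversary against A exists and the reduction visibly turns it into a break of X.

```python
import random

N = 16  # seed length in bytes (toy parameter, chosen for this example)

def weak_prg(seed: bytes) -> bytes:
    """Constructed, deliberately insecure 'PRG': G(s) = s || s."""
    return seed + seed

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def rand_bytes(rng, n: int) -> bytes:
    return rng.getrandbits(8 * n).to_bytes(n, "big")

class Adversary:
    """Breaks scheme A, Enc_k(m) = G(k) XOR m, in the eavesdropping game."""
    def choose_messages(self):
        return bytes(2 * N), bytes(N) + b"\xff" * N   # m0, m1
    def guess(self, c: bytes) -> int:
        # With G(s) = s||s, Enc(m0) has two equal halves and Enc(m1) does not.
        return 0 if c[:N] == c[N:] else 1

def reduction(w: bytes, adv, rng) -> int:
    """Distinguisher D for assumption X, built from the adversary as a black box.
    w is either G(s) or a uniform 2N-byte string. D uses w as the pad, plays
    the challenger for adv, and outputs 1 iff adv guesses the bit correctly."""
    m0, m1 = adv.choose_messages()
    b = rng.randrange(2)
    c = xor(w, m1 if b else m0)
    return int(adv.guess(c) == b)

def advantage(adv, trials: int = 2000, seed: int = 1):
    """Estimate Pr[D=1 | w=G(s)] and Pr[D=1 | w uniform]."""
    rng = random.Random(seed)  # seeded for a reproducible estimate, not for security
    on_prg = sum(reduction(weak_prg(rand_bytes(rng, N)), adv, rng) for _ in range(trials))
    on_uni = sum(reduction(rand_bytes(rng, 2 * N), adv, rng) for _ in range(trials))
    return on_prg / trials, on_uni / trials

if __name__ == "__main__":
    p_prg, p_uni = advantage(Adversary())
    # If w is uniform the ciphertext is a one-time pad, so adv wins with prob. 1/2;
    # any gap between the two rates is D's advantage against G.
    print(f"Pr[D=1 | G(s)]    = {p_prg:.3f}")
    print(f"Pr[D=1 | uniform] = {p_uni:.3f}")
    print(f"advantage         = {p_prg - p_uni:.3f}")
```

Read in the other direction, this is the security proof: if G really were pseudo-random, D's advantage would have to be negligible, so no efficient adversary could win the game against A with probability noticeably above 1/2.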
Course Topics (tentative)
Course Topics
- Preliminaries (1 sess.)
  - Some fundamental concepts from complexity theory
  - Deeper look on security definition and model
  - Games as a useful tool for security definition and proof
- Pseudo-randomness (1 sess.)
  - The notions of randomness and pseudo-randomness
  - Mathematical notions to capture pseudo-random primitives, e.g., pseudo-random generators (PRNG) and pseudo-random functions (PRF)
Course Topics (cont.)
- Simple cryptographic proofs (1 sess.)
  - Constructing and proving secure primitives, e.g., PRFs from PRGs
  - Samples of security definitions, attack models, and security proofs.
- Symmetric encryption (2 sess.)
  - Minimal full-fledged security definition for encryption (CPA)
  - Simple encryption scheme built upon PRFs
  - Provably-secure operation modes
  - Stronger notions of security for symmetric encryption (CCA).
- Hash functions and message authentication codes (2 sess.)
  - Universal and collision-resistant hash function (CRHF)
  - Provably-secure message authentication codes
  - Provably-secure hash functions from other primitives, such as block ciphers.
  - Secure MACs using PRFs, CRHFs, and block ciphers.
- Asymmetric (public-key) encryption (3 sess.)
  - Different definitions for different levels of security for a public-key
Course Topics (cont.)
- Mathematics of public-key cryptography (2 sess.)
  - Quick review on mathematical backgrounds, i.e., group theory, factoring, discrete logarithm problems, elliptic curves, etc.
- Applied provably-secure schemes (1 sess.)
  - Applications of provably-secure schemes
  - Authenticated encryption schemes and hybrid encryption
Course Topics (cont.)
- Other topics
  - Digital signature schemes (2 sess.)
  - Simulation-based security definitions (3 sess.)
  - Random oracle model (2 sess.)
  - Identification and key distribution (3 sess.)
  - Two-party and multi-party computation (3 sess.)
  - Quantum and post-quantum cryptography (1 sess.)
  - Review of other not-covered topics (1 sess.)
Questions?
[KL08] Katz, Jonathan, and Yehuda Lindell. Introduction to modern cryptography: principles and protocols. CRC Press, 2007.
[EBFK13] Egele, Manuel, David Brumley, Yanick Fratantonio, and Christopher Kruegel. "An empirical study of cryptographic misuse in Android applications." In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, pp. 73-84. ACM, 2013.